- Apache Tomcat permits '\', '%2F' and '%5C' as path delimiters. When Tomcat is used behind a proxy (including, but not limited to, Apache HTTP server with mod_proxy and mod_jk) configured to only proxy some contexts, a HTTP request containing strings like "/\../" may allow attackers to work around the context restriction of the proxy, and access the non-proxied contexts.
- Upgrade to Apache Tomcat 5.5.22/6.0.10 or newer.
- WordPress Plugin WP Booking Calendar Multiple Vulnerabilities (3.0.0)
- WordPress Plugin BuddyPress Docs Security Bypass (1.9.2)
- WordPress Plugin Search 10 times faster with Elasticsearch or Apache Solr with lots of data-WPSOLR Unspecified Vulnerability (15.1)
- WordPress Plugin Metronet Tag Manager Cross-Site Request Forgery (1.2.7)
- WordPress Plugin HMS Testimonials Multiple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (2.0.10)